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Abstract. Guarded normal form requires occurrences of fixpoint variables 
in a /^-calculus-formula to occur under the scope of a modal operator. The 
literature contains guarded transformations that effectively bring a /i-calculus- 
formula into guarded normal form. We show that the known guarded transfor- 
mations can cause an exponential blowup in formula size, contrary to existing 
claims of polynomial behaviour. We also show that any polynomial guarded 
transformation for /i-calculus-formulas in the more relaxed vectorial form gives 
rise to a polynomial solution algorithm for parity games, the existence of which 
is an open problem. 



1. Introduction 

The modal ^(-calculus £ M , as introduced by Kozen [15] . is a fundamental modal 
fixpoint logic which subsumes many other temporal [5J [5] and dynamic logics jT5J [5] . 
The paper at hand is concerned with guarded normal form for the /^-calculus, or 
simply guarded form. A formula is guarded if every occurrence of any fixpoint 
variable is under the scope of a modal operator inside its defining fixpoint for- 
mula. For instance, the formula vY.O^xX.p V OX from above is guarded, whereas 
vY.fj,X.{p AY) VOX is not. 

Intuitively, guarded form ensures that in the evaluation of a formula in a transi- 
tion system by fixpoint iteration, one proceeds along at least one transition between 
two iterations of the same variable. Guarded form is also very useful in procedures 
that check for satisfiability or validity of a set of formulas and handle fixpoint for- 
mulas by unfolding: Guardedness synchronises the unfolding of all formulas in a 
set. Many constructions require formulas to be explicitly normalised in guarded 
form or assume that w.l.o.g., formulas can be brought into guarded form with poly- 
nomial overhead [HI H21 HFJ [20l [HI [13] . Others can cope with unguarded formulas, 
but then their constructions require the solving of non-trivial decision problems [7] . 
Only few deal explicitly with unguarded formulas [9'. , but they require special tricks 
in order to handle unguardedness. 

It has been known for quite a while that every £ M -formula can effectively be 
transformed into an equivalent guarded formula. The first guarded transformation 
routine - described by Banieqbal and Barringer, as well as Walukiewicz - explicitly 
rewrites Boolean subformulas into disjunctive or conjunctive normal form [2[ 120). 
Clearly, this increases the sizes of formulas exponentially in the worst case. Such a 
blowup may not be considered harmful for results concerning the expressive power 
of £ M , but it clearly makes a difference for complexity-theoretic results. Kupfer- 
man et al. [161 Thm. 2.1] notice that the transformation into Boolean normal forms 



Date: May 6, 2013. 



1 



2 



FLORIAN BRUSE, OLIVER FRIEDMANN, AND MARTIN LANGE 



is unnecessary and present an optimised variant of this guarded transformation 
procedure. They claim that it only involves a linear blowup, but this is wrong. 
The problem lies in the very last statement of their proof: ". . . by definition 
ip' (Xy.ip' (y)) £ Cl(Xy.ip'(y)) ..." While this is true, it is not true that if Xy.ip'(y) 
is a subformula of <p - and hence in the Fischer-Ladner closure of ip - then also 
cp[tp'(\y.(p'(y))/\y.tp'(y)] is in the closure of ip. Unfolding from the inside out - a 
principle that forms the core of the guarded transformation - produces exactly this 
kind of situation. Repeated application of this principle will, in the worst case, 
result in an exponential growth in the number of distinct subformulas. 

Later, another guarded transformation procedure was given by Mateescu [181 
Sect. 2.2]. It turns out that it is practically the same algorithm as that given 
by Kupfcrman et al. earlier. However, Mateescu estimates it to create an expo- 
nential blowup in formula size when used naively. On the other hand, he claims 
that ". . . each fixpoint subformula . . . will be duplicated only once . . . and reused 
. . .leading to . . . \t(<p)\ < |^| 2 ." Again, this is a false observation because the re- 
placement of certain variables by constants can duplicate subformulas. Thus, the 
formula sharing trick that Mateescu proposes as a solution, which is just a way 
of saying that the size measured in terms of number of subformulas shall only be 
quadratic, does not work and the blow-up is not just quadratic. 

Neumann and Seidl study guarded transformation in the more general context of 
hierarchical equation systems |19) with monotone operators. The modal operators 
□ and O are monotone, so hierarchical equation systems are a generalisation of the 
vectorial form that is sometimes used to put multiple nestings of least or greatest 
fixpoints of the same kind into one block pQ. The semantics of £ M with vectorial 
form is simply given via simultaneous fixpoint definitions rather than parametric 
ones. The Bekic Lemma shows that this does not gain additional expressive power 
[3] but it may gain exponential succinctness because the only known transformations 
of with vectorial form into without incur an exponential blow-up in formula 
size. 

Neumann and Seidl even give a guarded transformation algorithm for equation 
systems that result from a £ M -formula and claim that it is polynomial. This claim 
is correct, as far as we can tell. However, the resulting equation system does 
not have the nice structure that equation systems corresponding to /3^-formulas 
have. Thus, their guarded transformation for /^-formulas is polynomial, yet it does 
not produce equivalent guarded /^-formulas but only equivalent guarded equation 
systems. Translating these back into a guarded £ M -formula incurs an exponential 
blowup, given current knowledge. 

The structure of the paper is as follows. After introducing £ M , vectorial form 
and guardedness formally in Sect. O we briefly describe and analyse the guarded 
transformation procedures by Kupferman et al. and Mateescu, respectively that of 
Neumann and Seidl in Sect. [3] We show that it can produce formulas of at least 
exponential size (measured as the number of different subformulas). In Sect. [4] 
we show that guarded transformation for /3^-formulas in vectorial form is hard: 
we show that it is not easier than solving parity games. As mentioned above, we 
also show that unfolding vectorial form into a non- vectorial formula has the same 
lower complexity bound. This means that any polynomial algorithm for one of 
these problems would yield a polynomial algorithm for solving parity games, and 
this would settle a major and long-standing open problem. Finally, in Sect. [5] we 
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discuss the consequences of this work for previously acclaimed results about 
that can be found in the literature and we briefly sketch the relation of our results 
to the problem of eliminating e-transitions in alternating parity tree automata. 



2. The Modal ^-Calculus 

Transition Systems. A labeled transition system (LTS) over a set of action names 
£ and a set of atomic propositions V is a tuple T = (5, —},£) where S is a set of 
states, — > C S x £ x S defines a set of transitions between states, labeled with 
action names, and I : S — > 2 V labels each state with the set of atomic propositions 
that are true in this state. 



Syntax. Let S and V be as above and let V be a set of variables. Formulas of the 
modal ^-calculus £ M in positive normal form are those that can be derived from ip 
in 

if ::= q\q\X\pVtp\pAip\ (a)ip \ [a]p | [iX.p \ l/X.ip, 

where X e V, q € V, and a e E. 

The operators n and v act as binders for the variables in a formula. A free 
occurrence of a variable X is therefore one that does not occur under the scope of 
such a binder. A closed formula is one that does not have any free variables. We 
write o~ for either \i or v. 

Let Sub((,o) denote the set of subformulas of ip. Define the size of a formula 
ip as the number of its distinct subformulas, i.e. \ip\ :— | Sub(</?)|. We assume all 
£ Al -formulas to be well-named in the sense that each variable is bound at most 
once. Hence, for every /^-formula there is a partial function fp^, : V — > Sub((/?) 
which maps a variable X that is bound in ip by some operator aX.ip to its defining 
fixpoint formula ip. 

As usual, we use the abbreviations tt = q V q and ff = q A q for an arbitrary q. 
Given a fixpoint binder a, we write a = ff if a = (j, and a = tt if a = v. 

We write p[ijj/X] to denote the formula that results from <p by replacing every 
free occurrence of the variable X in it with the formula ip. 

The modal depth md is the maximal nesting depth of modal operators in a 
formula, formally defined as follows. 



md(g) = md(g) = md(A) 
md((/3 V ip) — md((p A -p) 
rad({a)ip) = md([o]^) 
md(fiX.p) = md(vX. ip) 



= 

= max{md(i/i), md(^)} 

= 1 + md(i^) 

= md(tp) 



An important fragment of that we consider later is the propositional /i- 
calculus B^. It consists of all p G such that vad{p) = 0. Hence, Z? M -formulas do 
not contain any subformulas of the form (a)ip or [a]tp. A formula is called purely 
propositional if it belongs to and does not contain any fixpoint operators. 

Semantics. Formulas of £ M are interpreted in states of an LTS T = (S, —>,£)■ Let 
p: V — > 2 s be an environment used to interpret free variables. We write p[X \— > T] 
to denote the environment which maps X to T and behaves like p on all other 
arguments. The semantics of £ M is given as a function [•] mapping a formula to 
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the set of states where it holds w.r.t. the environment. 
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Two formulas </? and ip are equivalent, written <p = ^/>, iff for all LTS 7" and all 
environments p we have [^jj" = Mj"- We may also write T, s \= p ip instead of 

Vectorial Form. Sometimes it is convenient to define several fixpoints simultane- 
ously. Vectorial form is an extension of the syntax of which allows one to do 
so. Let Xi,..., X m be variables and let Vi, • • • , "0m be formulas, possibly with free 
occurrences of the Xi. For both a G {/x, v}, 

Xl Vi 



$ = a < 



is a formula in m-vectorial form, and the Xj are considered bound in $. We say 
that a formula is in vectorial form if it is in m-vectorial form for some m. Hence, 
formulas in 1-vectorial form are ordinary formulas as introduced above. The curly 
brackets are used to indicate that the m defining fixpoint equations are to be seen 
as a set; there is no implicit order among them with the exception of a variable 
marked as entry variable. By convention, the entry variable is the variable that 
occurs first, e.g. X\ in the example above. We consider multiple instances of the 
same vectorial form, but with different entry variable, to be the same subformula. 

Such formulas are used in order to abbreviate formulas with multiple nestings 
of fixpoint subformulas of the same kind. We give an inductive translation from 
formulas in vectorial form into ordinary formulas. Let 

Xl Vi 



$ = a < 



X„ 



be a formula in m-vectorial form as above. Let X denote the set {X\, 
By convention, X\ is the entry variable. For each ipi and for each ( 



X define a formula iff 

aXi.i/atyJW/Xj : j e 
meaning for $. 



inductively via ip. 



W 



. . , X r 

/ y 



c 



aXi.ipi and for i G y via ipf 



y \ {i}]. The formula aX\.ip 1 u ' provides the intended 
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The size of this formula can be estimated as follows: The size of aXi.ipi is |^| + 1. 
The size of aXi.ipf can be bounded from above by \<pi\ + 1 + '^jey\{i}\ i fij^ i ^\- If 

v\ hi 

c = max.; \tpi\ then \aXi.tp 1 \ 6 0(c ■ ml). While this procedure has very bad 
complexity, to our knowledge, no better procedure is known. 

Example 2.1. Consider the following 3-vectorial formula where di/j is used to 
abbreviate AaesHV'- 

{X. □ffV(a)rv^ > | 
Y. (b)(YVX) I 
Z. (a)X V (c)Z J 

It expresses "there is a maximal path labelled with a word from (ab + + c*a)*". It 
abbreviates the following formula in non- vectorial form. 

liX.Uft V (a)(fjY.(b}(Y V X)) V ^iZ.(a)X V (c)Z 

Guardedness and Weak Guardedness. A formula p is guarded w.r.t. a variable X 
if every occurrence of X that is bound by some aX.ip is in the scope of a modal 
operator (a) or [a] within ip. A formula ip is guarded iff </? is guarded w.r.t. every 
bound variable. 

We say that the variable X is weakly guarded in p if X is guarded or if it occurs 
under the scope of another fixpoint quantifer in its defining fixpoint subformula 
aX.tp. Take for instance fiX.q V (^Y.(q A X) V (q A Y) V (a)Y). Then Y has both 
a guarded and an unguarded occurrence, whereas the only occurrence of X is not 
guarded but it is weakly guarded. Note that weak guardedness is indeed weaker 
than guardedness, hence, not being weakly guarded entails not being guarded. 

For a formula in vectorial form, an unguarded cycle is a sequence of variables 
Xi,...,X n such that Xi + \ occurs unguarded on the right hand side of Xi for 
all i < n and such that X\ occurs unguarded on the right hand side of X n . A 
formula in vectorial form is guarded if it does not contain any unguarded cycles. 
An occurrence of a variable X is weakly guarded or if it occurs on the right side of 
a variable Y ^ X. The reader is invited to check that a formula in vectorial form 
is guarded if and only if the associated non- vectorial formula is guarded. 

Example 2.2. The formula 

/iA.Dff V (a)(^Y.(b)(Y V X)) V fiZ.{a)X V {c)Z 

from Example 12.11 expresses "there is a maximal path labeled with a word from 
{ab + + c*a)*" and is guarded. However, consider the following formula which ex- 
presses the slightly different property "there is a maximal path labeled with a word 
from (ab + + c*)*". 

fiX.Off V (a)( f iY.(b)(Y V X)) V fiZ.X V {c)Z 

It is not guarded; in particular, there is an occurrence of X — the latter one — which 
is not guarded in its defining fixpoint formula, which happens to be the entire 
formula in this case. 

A guarded transformation for is a function r : —> such that r(p) is 
guarded and r(tp) = p for every p 6 
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3. Guarded Transformation As Before Is Exponential 

Guarded Transformation Without Vectorial Form. The guarded transformation pro- 
cedures for non-vectorial formulas by Kupferman et al. and Mateescu rely on two 
principles. The first principle is the well-known fixpoint unfolding. 

Proposition 3.1. For every aX.ip £ £ M we have aX.tp = tp[aX.(p/X]. 

The second principle states how occurrences that are not weakly guarded can be 
eliminated. 

Proposition 3.2 (16, 18 J. Let aX.ip £ and let aX.cp' result from aX.ip by 
replacing with a every occurrence of X that is not weakly guarded. Then aX.ip = 
aX.ip'. 

These two principles can be combined to a simple guarded transformation pro- 
cedure. Starting with the innermost fixpoint bindings, one replaces all occurrences 
of the corresponding variables that are not weakly guarded by tt or ff using Propo- 
sition [321 Note that for the innermost fixpoint subformulas, the concepts of being 
weakly guarded and being guarded coincide. Thus, the innermost fixpoint subfor- 
mulas are guarded after this step. 

For outer fixpoint formulas this only ensures that all remaining occurrences are 
weakly guarded. However, by the induction hypothesis, all inner ones are already 
guarded, and unfolding them using Prop. [3~T1 puts all weakly guarded but unguarded 
occurrences of the outer variable under a (a)- or [a]-modality. Hence, only occur- 
rences that are either guarded or not weakly guarded survive, and the latter can 
be eliminated using Proposition 13.21 again. 

Let To denote the guarded transformation which works as described above. 
Kupferman et al. claim that the worst-case blowup in formula size produced by 
To is linear, Mateescu claims that it is quadratic. We will show that it is indeed 
exponential. Consider the family of formulas 

$„ := nX 1 ...nX n .(X 1 V---VX n )V(a)(X 1 \/-'-VX n ). 

Theorem 3.3. We have |$„| = 'in + 1 and |t ($„)| = Q(2 n ). 

Proof. The first claim about the linear growth of $ ra is easily verified. We prove 
that To($„) contains a subformula of modal depth at least 2™ _1 , which entails 
exponential size of To($ n )- 

Let ip = (Xi V ••• V X n ). Mateesecu's guarded transformation transforms a 
(strict) subformula of the form aX.ijj, into fx(t'(ip))[aX.fx(t'(ip))/X], where t' is 
the guarded transformation for subformulas and fx replaces unguarded occurrences 
of X by a. Moreover, t'((p V (a)(f) = ip V (a)<p. For 2 < i < n, define ipi — 
t'(\iXi ■ -'X n .((p V (a)<p). Then ip n = fx n {<P V (a)(p)[fiX n .f Xn (<p V (a)<p)/X n ], and 
generally, tpi = f Xi ((p i+ i)[fxXi.f Xi (ip i+ i)/Xi\. We show that ip t contains <p> at 
modal depth 2^ n+1 ~ l \ Clearly ip n contains <p at modal depth 2 = 2 1 . Since 
'Pi = fxi { l Pi+i)[l JL Xi.fx i (ipi+i)/Xi\, we have that, if ipi+i contains cp at modal depth 
2"^ 1 , then (pi contains ip at double the modal depth, or 2 • 2"~ l = 2" +1 ~\ Hence, 
t\[iX2 ■ ■ ■ /J,X n .(cp V (a)ip)) = ip2 contains a formula of modal depth 2"~ 1 . Finally, 
Mateescu defines To(aX.tp) = o-X.f x (t'(ip)), whence To(3? n ) = fiXx.f x ((p2), and 
the proof is finished. □ 
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Guarded Transformation With Vectorial Form. Neumann and Seidl present guarded 
transformation in the context of hierarchical equation systems (HES) over distribu- 
tive lattices with monotone operators |19j . Such equation systems can be seen as a 
generalisation of vectorial form, and the powerset lattice with operators associated 
to (a) and [a] is distributive. Hence, the HES obtained from /^-formulas form a 
subclass of the class of all HES. Moreover, the notion of guardedness has a suitable 
generalisation for HES. Furthermore, the class of HES obtained from £ M -formulas 
allows a guarded transformation that runs in polynomial time. Unfortunately, 
the resulting guarded HES are no longer in the class that corresponds directly to 
^-formula, whence the procedure by Neumann and Seidl does not constitute a 
polynomial guarded transformation. 

This has, roughly speaking, the following reason. Consider the variable depen- 
dency graph of a non-vectorial formula, defined as follows: The variables form the 
nodes, and there is an edge from variable X to variable Y if Y depends onXQ For 
£ Al -formulas, this graph is a tree with back edges, i.e. there is a set of edges that, if 
removed, leaves a tree. Moreover, the edges in this set go from a node to one of its 
predecessors in the tree. Forward edges correspond to occurrences of aY.tpy in the 
scope of a'X.tpx, that is, without a third fixpoint binder in between. Back edges 
correspond to occurrences of X in ipy such that aY.ipy is a subformula of a'X.ipx ■ 
On the other hand, the variable dependency graph can be quite complicated already 
for yC^-formulas in vectorial form: In a formula in m-vectorial form with variables 
Xi, . . . ,X m , the dependency graph, restricted to these variables, can be the com- 
plete graph with m vertices. In general HES, this behaviour is not restricted to a 
single vector alone. The guarded transformation procedure of Neumann and Seidl 
destroys the nice structure of the dependency graph. An example is the following 
family of formulas: 

m n 

IaXl . ..iiX n .X x V • • -X n V (o)( V/ nY r {a)(Y 3 V \J X,)) 

j=l i=l 

The associated equation system looks roughly like this: 

x 1 = x 2 y 1 = («)(y 1 viiv..-vi„) 

X n -! = X n Y m = {a)(Y m V Xt V • • • V X n ) 

X n = Xi V • • • VI„ V (a)(Yi V • • • V Y m ) 

After the guarded transformation, the HES looks like this: 

X x = (a)(Y 1 V • • • V Y m ) Yi = <a}(Yi V X x V • • • V X n ) 

X n = (a)(Yi V • • • V Y m ) Y m = (a)(Y m V X x V • ■ • V X n ) 

This HES has a variable dependency graph that is not a tree with back edges. To 
our knowledge, there is no known way to transform such a HES into a /^-formula 
without exponential blowup. 



NB: This is the converse of the way Neumann and Seidl define variable dependency. 
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4. Guarded Transformation Is Not That Easy 



In this section we show that guarded transformation for HES is at least as hard — 
modulo polynomials — as parity game solving. The problem of whether or not the 
latter is possible in polynomial time has been open for a long while. We also show 
that unfolding a formula in vectorial form into an equivalent non- vectorial formula 
is at least as hard as parity game solving. The core of the proofs is a product 
construction similar to that in Kupferman et al. [16) . 

Theorem 4.1 (Product Construction). For every LTS T with state s and every 
closed cp 6 £ p there is an LTS T' with a state Vq and vectorial ip' € $ M such that 



Proof. Let T = (S,—>,£) and let ip be defined over propositions V and variables 
V. W.l.o.g. we assume that S = {1,.. . ,m} for some m £ N. Define new sets of 
propositions V' := V x S and variables V := V x S. We write X s and q s instead 
of (X, s) and (q, s). 

Let T' — ({wo},0,^') consist of a single state with the following labeling: q s 6 



Next we give an inductively defined transformation tr : S x £ M — »• which turns 
an £ M formula over V and V into a £> M formula over V' and V' . 



tr s {q) = q s 

tr s (g) = q~s 

tr s (X) = X s 

tr.(V>iVVa) = tr.(^i) Vtr,(^a) 

tr s (-01 A ip 2 ) = tr s (^i) A tr s (ip 2 ) 

tr s ((a)ip) = \J{tr t (ip) \ t e S with s-^t} 

tr s ([a]V>) = /\{tr t (^) \ teS with s-^t} 



• T, s h V iffT',v \= ip', 

• |71 = 0(M • \T\). and 
. |^| = 0(M-|T|) 2 . 



(v ) iSq€£{s). 




tr.OA 1 ) 
tri^ 1 ) 



Xi 



s+l 



s-1 



trs-iW- 1 ) 
tr.+i^ 1 ) 




tr™^ 1 ) 
triW- 2 ) 



> 



tr m (V> 2 ) 



tn(^ n ) 



tr m (V>") 
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Now let ip' be defined as tr ao ((f). It should be clear that <// is indeed a formula of 
Bfj,, and that its size is bounded by (\ip\ ■ |T|) 2 . Correctness of the reduction is not 
hard to prove either. We present an invariant which can easily be used to show by 
induction that T, s |= ip iff vq |= ip' for any sgS. The following stronger statement 
holds: let p : V — > 2 s be an environment for an C p formula interpreted over T. 
Define its associated T'-environment p' : V' x S — > 2^""^ as 



Theorem 4.2. Guarded Transformation for £ M - formulas or B^- formulas in vecto- 
rial form is at least as difficult as solving parity games. 

Proof. We show that any polynomial guarded transformation for S^-formulas in 
vectorial form yields a polynomial solution algorithm for parity games. The state- 
ment for /^-formulas follows from that because every guarded transformation for 
£ M -formulas is also one for S^-formulas. 

Assume that there is a guarded transformation procedure r for vectorial B p - 
formulas. Given a parity game, we can treat it as an LTS with one accessibility 
relation and labellings for ownership and priority of states. Solving the parity 
game means deciding whether the first player wins from the initial vertex, and this 
is equivalent to model-checking Walukiewicz' formula |21j for the corresponding pri- 
ority. This formula is of size linear in the number of priorities, hence it is polynomial 
in the size of the parity game. Via the product construction from Theorem 14. 1( we 
obtain a vectorial £> M -formula tp that is also of size polynomial in the size of the 
parity game, and a one-state transition system T' such that T \= (f if and only if 
the first player wins the parity game. Consider r(tp). Because t runs in polynomial 
time, the size of r{ip) is still polynomial in the size of the parity game. Moreover, 
since the truth value of the 23^-formula ip only depends on the state Vq, this must 
be true for r(tp) as well. In effect, all modal operators introduced by t are vacuous 
and can be replaced by tt in case of Boxes, and by ff in case of Diamonds. The 
resulting vectorial formula is again strictly boolean, but also guarded. Hence, it 
can not contain any occurrences of fixpoint variables at all, since any such occur- 
rence would be unguarded. Therefore, all fixpoint quantifiers can be removed. The 
resulting formula is purely propositional and can be solved in polynomial time by 
a simple bottom-up algorithm. This yields the desired polynomial solution for the 
parity game. □ 

Theorem 4.3. Transforming a vectorial C^-formula to a non-vectorial C^-formula 
is at least as difficult as solving parity games. This also holds for B p . 

Proof. We show that any polynomial procedure that transforms a vectorial B p - 
formula into a vectorial S^-formula yields a polynomial solution algorithm for parity 
games. As in the proof for Theorem 14.21 given a parity game we consider the 
vectorial £> M -formula created as product of the LTS from of the parity game and the 
corresponding Walukiewicz formula. By assumption, we can transform it into a non- 
vectorial B^-formula in polynomial time. However, B^-formulas can be evaluated 
in linear time [19 a whence, in effect, we can solve the parity game in polynomial 
time. □ 





otherwise. 



Then, for all s € S and all ip, we have T, s \= p ip iff T', vq \= p i tr s (i/>). 



□ 
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In fact, this theorem even holds for HES in the sense of Neumann and Seidl, 
since any formula in vectorial form can be considered a HES over the powerset 
lattice of the underlying set of a transition system, and with operators (a) and [a] . 

5. Conclusion 

In Section [3] we saw that the known guarded transformations produce an expo- 
nential blowup in the worst case. In Section |4] we saw that a guarded transforma- 
tion for vectorial formulas automatically entails a polynomial solution algorithm 
for parity games. We also saw that polynomial translation from vectorial formulas 
to non-vectorial formulas yields the same. The existence of a polynomial guarded 
transformation for non-vectorial formulas is still open, and it is possible that such 
a transformation exists without yielding a polynomial solution algorithm for parity 
games. 

Consequences and Corrections. Several constructions and procedures that deal with 
the modal ^(-calculus directly or indirectly use guarded transformation. Often they 
use the (possibly) false claim that guarded transformation can be done at a linear or 
quadratic blow-up. We examine consequences of the fact that according to current 
knowledge, guarded transformation is exponential. 

As a first step, it is interesting to check whether any of the results from Kupfer- 
man/Vardi/Wolper's seminal paper on automata for branching-time temporal logics 
[16) crucially rely on a polynomial guarded transformation. Fortunately, this is not 
the case. The product automaton construction [TBI Prop. 3.2] also works if the input 
automaton is not e-free, and the resulting product automaton has no e-transitions. 
This allows the subsequent Thm. 3.1 to be applied, which needs e-free automata. 
Hence, all results of [16] that rely on a polynomial guarded transformation remain 
true. 

In [11] , the reliance on a polynomial guarded transformation causes problems. It 
is not immediately obvious that the complexity results for satisfiability of existential 
and universal and alternation-free (claimed to be NP-complete) as well as 
derived results should hold for unguarded formulas. A preceding transformation 
into guarded form will exhaust the complexity limitations, so further investigation 
on this work is necessary. 

Mateescu claims that model checking for on acyclic structures can be done in 
polynomial time. He observes that on acyclic structures, least and greatest fixpoints 
coincide. Thus, the alternation hierarchy collapses to its alternation-free fragment 
on such structures. It is known that this fragment can be model-checked in linear 
time [2]. However, least and greatest fixpoints only coincide for guarded formulas: 
Clearly \iX.X and vX.X are not equivalent, not even on acyclic structures. The 
collapse result is still true but with current technology at hand, we need to assume 
an exponential blow-up in formula size. Thus, model checking guarded formulas on 
acyclic structures can be done in polynomial time, arbitrary formulas still require 
exponential time. 

Automata and e-transitions. A problem closely related to guarded transformations 
is the elimination of e-transitions from alternating automata. It is standard practice 
to construct alternating parity tree automata from guarded £ M -formulas, or weak 
alternating tree automata from guarded alternation- free formulas [22J [10] . The 
resulting automata are of size linear in the size of the formula. The situation 
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is different for unguarded (alternation-free) /^-formulas because of the absence 
of a polynomial guarded transformation. Currently, we need to assume a blow- 
up that is exponential in the size of the formula when translating arbitrary, and 
therefore possibly unguarded, iZ^-formulas into alternating parity tree automata. 
If e-transitions are allowed in alternating parity tree automata then it is possible 
to translate arbitrary £ M -formulas into such automata at a linear blow-up only; the 
known constructions can be modified accordingly. 

From Theorem 14.11 follows also that a polynomial procedure that eliminates e- 
transitions in parity tree automata yields a polynomial algorithm for parity games: 
It is not difficult to encode a /3^-formula in vectorial form into an automaton that 
only has e-transitions. Eliminating these means solving the formula, a problem we 
know to be at least as hard as solving parity games by the theorem. The existing 
procedures to eliminate £-transitions from parity tree automata have an exponential 
blowup. An example is a procedure of Wilke's [53] that also incurs a quadratic 
blowup in the number of states^ Finally, translating parity tree automata back 
into /^-formulas must be considered (super)exponential in the number of states as 
well, since any polynomial translation could be used to unravel formulas in vectorial 
form into non- vectorial formulas. 

The above means that the size of an alternating automaton cannot be measured 
in terms of number of states. Instead, such a notion of size has to include the size 
of the transition relation, which can easily be exponentially larger. An example 
of the confusion that the wrong measure can cause is Kupferman/Vardi's work on 
alternating automata. They show that nonemptiness of weak alternating automata 
can be checked in linear time when size is measured including the transition relation 
[16] . This result is then used in a context where the size is measured in the number 
of states [IT]- We do believe that this claim, and subsequent results, are to be 
questioned. 

Further Research. The existence of a polynomial guarded transformation is still 
open, both for vectorial as well as non-vectorial formulas. It is also not known 
whether the existence of a polynomial guarded transformation procedure for non- 
vectorial formulas would entail parity games being solvable in polynomial time. 
Moreover, it is not known whether it is possible to unfold vectorial formulas into 
non-vectorial formulas with only polynomial blowup. Since the last two problems 
do entail a polynomial algorithm for parity games, we believe that, in order to find 
a polynomial algorithm for parity games, focusing on games directly might be more 
fruitful. 

Finally, the converse questions are also open: Does a polynomial solution algo- 
rithm for parity games entail a polynomial guarded transformation procedure? Does 
it entail a polynomial procedure to unravel vectorial formulas into non-vectorial 
formulas? Of course, the ability to solve parity games in polynomial time allows 
polynomial model-checking for vectorial formulas, but the problems of guarded 
transformation, respectively of unravelling vectorial formulas, might be of indepen- 
dent interest. 



The paper does not state the quadratic blowup. Closer inspection shows that the result is 
flawed, but can be repaired with quadratic blowup. 
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